docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Configure UCP to trust multiple registries

This commit is contained in:
Joao Fernandes 2017-12-13 15:37:30 -08:00 committed by Jim Galasyn
parent b6d3f2e462
commit 98ce2a1c6e
2 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1591,6 +1591,8 @@ manuals:
title: Join Windows worker nodes to your cluster title: Join Windows worker nodes to your cluster
- path: /datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer/ - path: /datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer/
title: Use a load balancer title: Use a load balancer
- path: /datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries/
title: Integrate with multiple registries
- sectiontitle: Monitor and troubleshoot - sectiontitle: Monitor and troubleshoot
section: section:
- path: /datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/ - path: /datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/

68
datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries.md Normal file
View File

@ -0,0 +1,68 @@
---
title: Integrate with multiple registries
description: Integrate UCP with multiple registries
keywords: trust, registry, integrate, UCP, DTR
---
Universal Control Plane can pull and run images from any image registry,
including Docker Trusted Registry and Docker Store.
If your registry uses globally-trusted TLS certificates, everything works
out of the box, and you don't need to configure anything. But if your registries
use self-signed certificates or certificates issues by your own Certificate
Authority, you need to configure UCP to trust those registries.
## Trust Docker Trusted Registry
To configure UCP to trust a DTR deployment, you need to update the
[UCP system configuration](ucp-configuration-file.md) to include one entry for
each DTR deployment:
```
[[registries]]
host_address = "dtr.example.org"
ca_bundle = """
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"""
[[registries]]
host_address = "internal-dtr.example.org:444"
ca_bundle = """
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"""
```
You only need to include the port section if your DTR deployment is running
on a port other than 443.
You can customize and use the script below to generate a file named
`trust-dtr.toml` with the configuration needed for your DTR deployment.
```
# Replace this url by your DTR deployment url and port
DTR_URL=https://dtr.example.org
DTR_PORT=443
dtr_full_url=${DTR_URL}:${DTR_PORT}
dtr_ca_url=${dtr_full_url}/ca
# Strip protocol and default https port
dtr_host_address=${dtr_full_url#"https://"}
dtr_host_address=${dtr_host_address%":443"}
# Create the registry configuration and save it it
cat <<EOL > trust-dtr.toml
[[registries]]
# host address should not contain protocol or port if using 443
host_address = $dtr_host_address
ca_bundle = """
$(curl -sk $dtr_ca_url)"""
EOL
```
You can then append the content of `trust-dtr.toml` to your current UCP
configuration to make UCP trust this DTR deployment.
[Learn how to customize your UCP configuration file](external-auth/enable-ldap-config-file.md).